finlab

Pass

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No malicious patterns or security risks were identified. The skill is designed for quantitative financial analysis and explicitly includes diagnostic tools (e.g., verify_strategy()) to help users prevent logical errors such as lookahead bias.
  • [COMMAND_EXECUTION]: The skill utilizes the uv package manager for environment setup and dependency management. These are standard, non-malicious shell operations for Python development environments.
  • [EXTERNAL_DOWNLOADS]: Installs the author's own library (finlab) along with standard industry SDKs (shioaji, esun-trade) and popular data science libraries (optuna, lightgbm, scikit-learn) from the official Python Package Index (PyPI).
  • [CREDENTIALS_UNSAFE]: Adheres to security best practices by instructing users to manage broker credentials through environment variables instead of hardcoded secrets.
  • [DATA_EXFILTRATION]: No unauthorized data transmission was found. Network activity is limited to user-initiated sessions for market data fetching, authentication via standard OAuth flows, and broker order execution.
Audit Metadata
Risk Level
SAFE
Analyzed
May 15, 2026, 04:03 PM
Security Audit — agent-trust-hub — finlab